2010-03-10 15:03:40 +03:00
< ? php
/**
2011-04-15 21:24:23 +04:00
* ownCloud
*
* @ author Frank Karlitschek
2012-05-26 21:14:24 +04:00
* @ copyright 2012 Frank Karlitschek frank @ owncloud . org
2011-04-15 21:24:23 +04:00
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
*
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2010-03-10 15:03:40 +03:00
2011-08-02 20:31:42 +04:00
/**
* Class that is a namespace for all global OC variables
2011-08-06 13:36:56 +04:00
* No , we can not put this class in its own file because it is used by
* OC_autoload !
2011-08-02 20:31:42 +04:00
*/
class OC {
/**
* Assoziative array for autoloading . classname => filename
*/
public static $CLASSPATH = array ();
2011-08-02 20:48:19 +04:00
/**
2011-08-07 01:04:39 +04:00
* The installation path for owncloud on the server ( e . g . / srv / http / owncloud )
2011-08-02 20:48:19 +04:00
*/
public static $SERVERROOT = '' ;
/**
2011-08-07 01:04:39 +04:00
* the current request path relative to the owncloud root ( e . g . files / index . php )
2011-08-02 20:48:19 +04:00
*/
2012-05-11 23:31:51 +04:00
private static $SUBURI = '' ;
2011-08-02 20:48:19 +04:00
/**
2011-08-07 01:04:39 +04:00
* the owncloud root path for http requests ( e . g . owncloud / )
2011-08-02 20:48:19 +04:00
*/
public static $WEBROOT = '' ;
2012-02-23 18:37:38 +04:00
/**
* The installation path of the 3 rdparty folder on the server ( e . g . / srv / http / owncloud / 3 rdparty )
*/
public static $THIRDPARTYROOT = '' ;
/**
* the root path of the 3 rdparty folder for http requests ( e . g . owncloud / 3 rdparty )
*/
public static $THIRDPARTYWEBROOT = '' ;
2012-04-18 10:20:51 +04:00
/**
2012-09-07 16:05:51 +04:00
* The installation path array of the apps folder on the server ( e . g . / srv / http / owncloud ) 'path' and
2012-09-05 14:22:38 +04:00
* web path in 'url'
2012-04-18 10:20:51 +04:00
*/
2012-06-02 02:05:20 +04:00
public static $APPSROOTS = array ();
2012-04-18 10:20:51 +04:00
/*
* requested app
*/
public static $REQUESTEDAPP = '' ;
/*
* requested file of app
*/
public static $REQUESTEDFILE = '' ;
2012-05-22 22:22:53 +04:00
/**
* check if owncloud runs in cli mode
*/
public static $CLI = false ;
2012-08-02 19:47:38 +04:00
/*
* OC router
*/
protected static $router = null ;
2011-08-06 13:36:56 +04:00
/**
* SPL autoload
*/
2012-09-07 17:22:01 +04:00
public static function autoload ( $className ) {
2012-09-04 16:34:09 +04:00
if ( array_key_exists ( $className , OC :: $CLASSPATH )) {
2012-10-09 20:26:38 +04:00
$path = OC :: $CLASSPATH [ $className ];
2012-06-22 02:22:36 +04:00
/** @ TODO : Remove this when necessary
Remove " apps/ " from inclusion path for smooth migration to mutli app dir
*/
2012-10-09 20:26:38 +04:00
if ( strpos ( $path , 'apps/' ) === 0 ) {
OC_Log :: write ( 'core' , 'include path for class "' . $className . '" starts with "apps/"' , OC_Log :: DEBUG );
$path = str_replace ( 'apps/' , '' , $path );
}
2011-08-06 13:36:56 +04:00
}
2012-09-04 16:34:09 +04:00
elseif ( strpos ( $className , 'OC_' ) === 0 ) {
2012-09-04 16:42:58 +04:00
$path = strtolower ( str_replace ( '_' , '/' , substr ( $className , 3 )) . '.php' );
2011-08-06 13:36:56 +04:00
}
2012-09-07 20:30:48 +04:00
elseif ( strpos ( $className , 'OC\\' ) === 0 ) {
$path = strtolower ( str_replace ( '\\' , '/' , substr ( $className , 3 )) . '.php' );
}
2012-09-04 16:34:09 +04:00
elseif ( strpos ( $className , 'OCP\\' ) === 0 ) {
2012-09-04 16:54:38 +04:00
$path = 'public/' . strtolower ( str_replace ( '\\' , '/' , substr ( $className , 3 )) . '.php' );
2012-04-23 17:50:30 +04:00
}
2012-09-04 16:34:09 +04:00
elseif ( strpos ( $className , 'OCA\\' ) === 0 ) {
2012-09-04 16:42:58 +04:00
$path = 'apps/' . strtolower ( str_replace ( '\\' , '/' , substr ( $className , 3 )) . '.php' );
2012-07-20 19:42:32 +04:00
}
2012-09-04 16:34:09 +04:00
elseif ( strpos ( $className , 'Sabre_' ) === 0 ) {
$path = str_replace ( '_' , '/' , $className ) . '.php' ;
2011-09-18 22:57:05 +04:00
}
2012-10-27 13:32:16 +04:00
elseif ( strpos ( $className , 'Symfony\\Component\\Routing\\' ) === 0 ) {
$path = 'symfony/routing/' . str_replace ( '\\' , '/' , $className ) . '.php' ;
2012-07-21 21:43:50 +04:00
}
2012-10-17 14:25:34 +04:00
elseif ( strpos ( $className , 'Sabre\\VObject' ) === 0 ) {
2012-10-27 18:33:10 +04:00
$path = str_replace ( '\\' , '/' , $className ) . '.php' ;
2012-10-17 14:25:34 +04:00
}
2012-09-05 14:22:38 +04:00
elseif ( strpos ( $className , 'Test_' ) === 0 ) {
2012-09-04 16:42:58 +04:00
$path = 'tests/lib/' . strtolower ( str_replace ( '_' , '/' , substr ( $className , 5 )) . '.php' );
2012-09-22 16:51:34 +04:00
}
elseif ( strpos ( $className , 'Test\\' ) === 0 ) {
$path = 'tests/lib/' . strtolower ( str_replace ( '\\' , '/' , substr ( $className , 5 )) . '.php' );
2012-09-01 17:36:07 +04:00
} else {
return false ;
2012-02-12 21:06:32 +04:00
}
2012-09-07 16:05:51 +04:00
2012-09-04 16:34:09 +04:00
if ( $fullPath = stream_resolve_include_path ( $path )) {
2012-10-12 17:38:16 +04:00
require_once $fullPath ;
2012-09-01 03:46:31 +04:00
}
return false ;
2011-07-27 21:07:28 +04:00
}
2010-06-27 02:16:09 +04:00
2012-09-07 17:22:01 +04:00
public static function initPaths () {
2012-06-16 00:35:09 +04:00
// calculate the root directories
2012-09-28 17:29:41 +04:00
OC :: $SERVERROOT = str_replace ( " \\ " , '/' , substr ( __DIR__ , 0 , - 4 ));
2012-09-04 16:34:09 +04:00
OC :: $SUBURI = str_replace ( " \\ " , " / " , substr ( realpath ( $_SERVER [ " SCRIPT_FILENAME " ]), strlen ( OC :: $SERVERROOT )));
2011-09-18 22:57:05 +04:00
$scriptName = $_SERVER [ " SCRIPT_NAME " ];
2012-09-04 16:34:09 +04:00
if ( substr ( $scriptName , - 1 ) == '/' ) {
2011-09-18 22:57:05 +04:00
$scriptName .= 'index.php' ;
2012-02-26 07:09:48 +04:00
//make sure suburi follows the same rules as scriptName
2012-09-04 16:34:09 +04:00
if ( substr ( OC :: $SUBURI , - 9 ) != 'index.php' ) {
2012-09-04 16:46:43 +04:00
if ( substr ( OC :: $SUBURI , - 1 ) != '/' ) {
2012-02-26 07:09:48 +04:00
OC :: $SUBURI = OC :: $SUBURI . '/' ;
}
OC :: $SUBURI = OC :: $SUBURI . 'index.php' ;
}
2011-09-18 22:57:05 +04:00
}
2012-08-10 15:53:40 +04:00
2012-09-04 16:34:09 +04:00
OC :: $WEBROOT = substr ( $scriptName , 0 , strlen ( $scriptName ) - strlen ( OC :: $SUBURI ));
2012-02-23 18:37:38 +04:00
2012-09-04 16:34:09 +04:00
if ( OC :: $WEBROOT != '' and OC :: $WEBROOT [ 0 ] !== '/' ) {
2011-09-18 22:57:05 +04:00
OC :: $WEBROOT = '/' . OC :: $WEBROOT ;
}
2011-03-03 00:18:22 +03:00
2012-03-23 21:52:41 +04:00
// ensure we can find OC_Config
set_include_path (
OC :: $SERVERROOT . '/lib' . PATH_SEPARATOR .
get_include_path ()
);
2012-02-23 18:37:38 +04:00
// search the 3rdparty folder
2012-09-04 16:34:09 +04:00
if ( OC_Config :: getValue ( '3rdpartyroot' , '' ) <> '' and OC_Config :: getValue ( '3rdpartyurl' , '' ) <> '' ) {
2012-02-23 18:37:38 +04:00
OC :: $THIRDPARTYROOT = OC_Config :: getValue ( '3rdpartyroot' , '' );
OC :: $THIRDPARTYWEBROOT = OC_Config :: getValue ( '3rdpartyurl' , '' );
2012-09-04 16:34:09 +04:00
} elseif ( file_exists ( OC :: $SERVERROOT . '/3rdparty' )) {
2012-02-23 18:37:38 +04:00
OC :: $THIRDPARTYROOT = OC :: $SERVERROOT ;
OC :: $THIRDPARTYWEBROOT = OC :: $WEBROOT ;
2012-09-04 16:34:09 +04:00
} elseif ( file_exists ( OC :: $SERVERROOT . '/../3rdparty' )) {
2012-03-02 01:04:13 +04:00
OC :: $THIRDPARTYWEBROOT = rtrim ( dirname ( OC :: $WEBROOT ), '/' );
OC :: $THIRDPARTYROOT = rtrim ( dirname ( OC :: $SERVERROOT ), '/' );
2012-02-23 18:37:38 +04:00
} else {
echo ( " 3rdparty directory not found! Please put the ownCloud 3rdparty folder in the ownCloud folder or the folder above. You can also configure the location in the config.php file. " );
exit ;
}
2012-02-28 21:21:23 +04:00
// search the apps folder
2012-06-08 00:36:55 +04:00
$config_paths = OC_Config :: getValue ( 'apps_paths' , array ());
2012-09-04 16:34:09 +04:00
if ( ! empty ( $config_paths )) {
2012-06-08 00:36:55 +04:00
foreach ( $config_paths as $paths ) {
2012-06-25 17:50:27 +04:00
if ( isset ( $paths [ 'url' ]) && isset ( $paths [ 'path' ])) {
2012-09-04 16:34:09 +04:00
$paths [ 'url' ] = rtrim ( $paths [ 'url' ], '/' );
$paths [ 'path' ] = rtrim ( $paths [ 'path' ], '/' );
2012-06-25 17:50:27 +04:00
OC :: $APPSROOTS [] = $paths ;
}
2012-06-04 01:13:30 +04:00
}
2012-09-04 16:34:09 +04:00
} elseif ( file_exists ( OC :: $SERVERROOT . '/apps' )) {
2012-06-25 17:50:27 +04:00
OC :: $APPSROOTS [] = array ( 'path' => OC :: $SERVERROOT . '/apps' , 'url' => '/apps' , 'writable' => true );
2012-09-04 16:34:09 +04:00
} elseif ( file_exists ( OC :: $SERVERROOT . '/../apps' )) {
2012-06-25 17:50:27 +04:00
OC :: $APPSROOTS [] = array ( 'path' => rtrim ( dirname ( OC :: $SERVERROOT ), '/' ) . '/apps' , 'url' => '/apps' , 'writable' => true );
2012-06-02 02:05:20 +04:00
}
2012-06-04 01:13:30 +04:00
2012-09-04 16:34:09 +04:00
if ( empty ( OC :: $APPSROOTS )) {
2012-02-28 21:21:23 +04:00
echo ( " apps directory not found! Please put the ownCloud apps folder in the ownCloud folder or the folder above. You can also configure the location in the config.php file. " );
exit ;
}
2012-06-04 01:13:30 +04:00
$paths = array ();
foreach ( OC :: $APPSROOTS as $path )
$paths [] = $path [ 'path' ];
2012-02-23 18:37:38 +04:00
2011-09-18 22:57:05 +04:00
// set the right include path
2012-03-01 23:56:51 +04:00
set_include_path (
OC :: $SERVERROOT . '/lib' . PATH_SEPARATOR .
OC :: $SERVERROOT . '/config' . PATH_SEPARATOR .
OC :: $THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
2012-10-23 02:28:12 +04:00
implode ( $paths , PATH_SEPARATOR ) . PATH_SEPARATOR .
2012-03-01 23:56:51 +04:00
get_include_path () . PATH_SEPARATOR .
OC :: $SERVERROOT
);
2012-03-20 00:42:59 +04:00
}
2011-04-16 14:18:42 +04:00
2012-03-20 00:42:59 +04:00
public static function checkInstalled () {
2012-02-12 02:37:35 +04:00
// Redirect to installer if not installed
2012-08-11 19:07:35 +04:00
if ( ! OC_Config :: getValue ( 'installed' , false ) && OC :: $SUBURI != '/index.php' ) {
2012-09-04 16:34:09 +04:00
if ( ! OC :: $CLI ) {
2012-08-11 19:07:35 +04:00
$url = 'http://' . $_SERVER [ 'SERVER_NAME' ] . OC :: $WEBROOT . '/index.php' ;
header ( " Location: $url " );
2012-08-09 10:55:51 +04:00
}
2012-02-12 02:37:35 +04:00
exit ();
}
2012-03-20 00:42:59 +04:00
}
2012-02-12 02:37:35 +04:00
2012-03-20 00:42:59 +04:00
public static function checkSSL () {
2011-09-18 22:57:05 +04:00
// redirect to https site if configured
2012-09-04 16:34:09 +04:00
if ( OC_Config :: getValue ( " forcessl " , false )) {
2012-10-10 20:56:14 +04:00
header ( 'Strict-Transport-Security: max-age=31536000' );
2011-09-23 15:52:10 +04:00
ini_set ( " session.cookie_secure " , " on " );
2012-08-07 00:16:45 +04:00
if ( OC_Request :: serverProtocol () <> 'https' and ! OC :: $CLI ) {
$url = " https:// " . OC_Request :: serverHost () . $_SERVER [ 'REQUEST_URI' ];
2011-09-18 22:57:05 +04:00
header ( " Location: $url " );
exit ();
}
}
2012-03-20 00:42:59 +04:00
}
2010-03-10 15:03:40 +03:00
2012-03-20 00:42:59 +04:00
public static function checkUpgrade () {
2012-09-04 16:34:09 +04:00
if ( OC_Config :: getValue ( 'installed' , false )) {
$installedVersion = OC_Config :: getValue ( 'version' , '0.0.0' );
$currentVersion = implode ( '.' , OC_Util :: getVersion ());
2012-01-08 16:01:41 +04:00
if ( version_compare ( $currentVersion , $installedVersion , '>' )) {
2012-10-30 01:03:18 +04:00
// Check if the .htaccess is existing - this is needed for upgrades from really old ownCloud versions
if ( isset ( $_SERVER [ 'SERVER_SOFTWARE' ]) && strstr ( $_SERVER [ 'SERVER_SOFTWARE' ], 'Apache' )) {
if ( ! OC_Util :: ishtaccessworking ()) {
2012-10-30 01:44:49 +04:00
if ( ! file_exists ( OC :: $SERVERROOT . '/data/.htaccess' )) {
$content = " deny from all \n " ;
$content .= " IndexIgnore * " ;
file_put_contents ( OC_Config :: getValue ( 'datadirectory' , OC :: $SERVERROOT . '/data' ) . '/.htaccess' , $content );
}
2012-10-30 01:03:18 +04:00
}
}
2012-09-04 16:34:09 +04:00
OC_Log :: write ( 'core' , 'starting upgrade from ' . $installedVersion . ' to ' . $currentVersion , OC_Log :: DEBUG );
2012-01-16 04:13:54 +04:00
$result = OC_DB :: updateDbFromStructure ( OC :: $SERVERROOT . '/db_structure.xml' );
2012-09-04 16:34:09 +04:00
if ( ! $result ) {
2012-01-16 04:13:54 +04:00
echo 'Error while upgrading the database' ;
die ();
}
2012-02-18 01:01:53 +04:00
if ( file_exists ( OC :: $SERVERROOT . " /config/config.php " ) and ! is_writable ( OC :: $SERVERROOT . " /config/config.php " )) {
$tmpl = new OC_Template ( '' , 'error' , 'guest' );
2012-09-04 16:34:09 +04:00
$tmpl -> assign ( 'errors' , array ( 1 => array ( 'error' => " Can't write into config directory 'config' " , 'hint' => " You can usually fix this by giving the webserver user write access to the config directory in owncloud " )));
2012-02-18 01:01:53 +04:00
$tmpl -> printPage ();
exit ;
}
2012-09-12 09:18:07 +04:00
$minimizerCSS = new OC_Minimizer_CSS ();
$minimizerCSS -> clearCache ();
$minimizerJS = new OC_Minimizer_JS ();
$minimizerJS -> clearCache ();
2012-09-04 16:34:09 +04:00
OC_Config :: setValue ( 'version' , implode ( '.' , OC_Util :: getVersion ()));
2012-06-16 22:50:52 +04:00
OC_App :: checkAppsRequirements ();
2012-06-26 22:41:11 +04:00
// load all apps to also upgrade enabled apps
OC_App :: loadApps ();
2012-01-08 16:01:41 +04:00
}
}
2012-03-20 00:42:59 +04:00
}
2012-03-31 01:31:05 +04:00
public static function initTemplateEngine () {
// Add the stuff we need always
2012-05-12 01:20:27 +04:00
OC_Util :: addScript ( " jquery-1.7.2.min " );
2012-03-31 01:31:05 +04:00
OC_Util :: addScript ( " jquery-ui-1.8.16.custom.min " );
OC_Util :: addScript ( " jquery-showpassword " );
OC_Util :: addScript ( " jquery.infieldlabel.min " );
OC_Util :: addScript ( " jquery-tipsy " );
OC_Util :: addScript ( " oc-dialogs " );
OC_Util :: addScript ( " js " );
2012-09-28 15:30:44 +04:00
// request protection token MUST be defined after the jquery library but before any $('document').ready()
OC_Util :: addScript ( " requesttoken " );
2012-03-31 01:31:05 +04:00
OC_Util :: addScript ( " eventsource " );
OC_Util :: addScript ( " config " );
//OC_Util::addScript( "multiselect" );
2012-09-04 16:34:09 +04:00
OC_Util :: addScript ( 'search' , 'result' );
2012-10-05 11:42:36 +04:00
OC_Util :: addScript ( 'router' );
2012-08-09 03:02:05 +04:00
2012-09-05 14:22:38 +04:00
if ( OC_Config :: getValue ( 'installed' , false )) {
2012-09-04 16:34:09 +04:00
if ( OC_Appconfig :: getValue ( 'core' , 'backgroundjobs_mode' , 'ajax' ) == 'ajax' ) {
2012-08-10 15:53:40 +04:00
OC_Util :: addScript ( 'backgroundjobs' );
}
2012-08-09 03:02:05 +04:00
}
2012-08-29 10:38:33 +04:00
2012-03-31 01:31:05 +04:00
OC_Util :: addStyle ( " styles " );
OC_Util :: addStyle ( " multiselect " );
OC_Util :: addStyle ( " jquery-ui-1.8.16.custom " );
OC_Util :: addStyle ( " jquery-tipsy " );
}
public static function initSession () {
2012-10-14 22:47:31 +04:00
// prevents javascript from accessing php session cookies
2012-09-04 16:34:09 +04:00
ini_set ( 'session.cookie_httponly' , '1;' );
2012-10-14 22:47:31 +04:00
// (re)-initialize session
2012-03-31 01:31:05 +04:00
session_start ();
2012-10-14 22:47:31 +04:00
// regenerate session id periodically to avoid session fixation
if ( ! isset ( $_SESSION [ 'SID_CREATED' ])) {
$_SESSION [ 'SID_CREATED' ] = time ();
} else if ( time () - $_SESSION [ 'SID_CREATED' ] > 900 ) {
session_regenerate_id ( true );
$_SESSION [ 'SID_CREATED' ] = time ();
}
// session timeout
if ( isset ( $_SESSION [ 'LAST_ACTIVITY' ]) && ( time () - $_SESSION [ 'LAST_ACTIVITY' ] > 3600 )) {
if ( isset ( $_COOKIE [ session_name ()])) {
setcookie ( session_name (), '' , time () - 42000 , '/' );
}
session_unset ();
session_destroy ();
session_start ();
}
$_SESSION [ 'LAST_ACTIVITY' ] = time ();
2012-03-31 01:31:05 +04:00
}
2012-06-06 19:29:57 +04:00
2012-08-02 19:47:38 +04:00
public static function getRouter () {
if ( ! isset ( OC :: $router )) {
OC :: $router = new OC_Router ();
2012-08-02 19:59:18 +04:00
OC :: $router -> loadRoutes ();
2012-08-02 19:47:38 +04:00
}
return OC :: $router ;
}
2012-09-07 17:22:01 +04:00
public static function init () {
2012-03-20 00:42:59 +04:00
// register autoloader
spl_autoload_register ( array ( 'OC' , 'autoload' ));
2012-04-08 05:30:06 +04:00
setlocale ( LC_ALL , 'en_US.UTF-8' );
2012-06-06 19:29:57 +04:00
2012-03-20 00:42:59 +04:00
// set some stuff
//ob_start();
error_reporting ( E_ALL | E_STRICT );
2012-09-04 16:34:09 +04:00
if ( defined ( 'DEBUG' ) && DEBUG ) {
2012-03-20 00:42:59 +04:00
ini_set ( 'display_errors' , 1 );
}
2012-05-22 22:22:53 +04:00
self :: $CLI = ( php_sapi_name () == 'cli' );
2012-03-20 00:42:59 +04:00
2012-05-24 02:49:21 +04:00
date_default_timezone_set ( 'UTC' );
2012-09-04 16:34:09 +04:00
ini_set ( 'arg_separator.output' , '&' );
2012-03-20 00:42:59 +04:00
2012-06-01 14:41:38 +04:00
// try to switch magic quotes off.
2012-10-16 21:42:17 +04:00
if ( get_magic_quotes_gpc ()) {
2012-06-01 14:41:38 +04:00
@ set_magic_quotes_runtime ( false );
}
2012-04-01 19:02:32 +04:00
//try to configure php to enable big file uploads.
//this doesn´ t work always depending on the webserver and php configuration.
//Let´ s try to overwrite some defaults anyways
2012-06-06 19:29:57 +04:00
2012-04-01 19:02:32 +04:00
//try to set the maximum execution time to 60min
@ set_time_limit ( 3600 );
2012-09-04 16:34:09 +04:00
@ ini_set ( 'max_execution_time' , 3600 );
@ ini_set ( 'max_input_time' , 3600 );
2012-04-01 19:02:32 +04:00
//try to set the maximum filesize to 10G
2012-09-04 16:34:09 +04:00
@ ini_set ( 'upload_max_filesize' , '10G' );
@ ini_set ( 'post_max_size' , '10G' );
@ ini_set ( 'file_uploads' , '50' );
2012-04-01 19:02:32 +04:00
//try to set the session lifetime to 60min
2012-09-04 16:34:09 +04:00
@ ini_set ( 'gc_maxlifetime' , '3600' );
2012-04-01 19:02:32 +04:00
2012-03-20 00:42:59 +04:00
//set http auth headers for apache+php-cgi work around
2012-09-04 16:34:09 +04:00
if ( isset ( $_SERVER [ 'HTTP_AUTHORIZATION' ]) && preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ 'HTTP_AUTHORIZATION' ], $matches )) {
2012-09-25 21:57:40 +04:00
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]), 2 );
2012-03-20 00:42:59 +04:00
$_SERVER [ 'PHP_AUTH_USER' ] = strip_tags ( $name );
$_SERVER [ 'PHP_AUTH_PW' ] = strip_tags ( $password );
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
2012-09-04 16:34:09 +04:00
if ( isset ( $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ]) && preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ], $matches )) {
2012-09-25 21:57:40 +04:00
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]), 2 );
2012-03-20 00:42:59 +04:00
$_SERVER [ 'PHP_AUTH_USER' ] = strip_tags ( $name );
$_SERVER [ 'PHP_AUTH_PW' ] = strip_tags ( $password );
}
2012-06-06 19:29:57 +04:00
2012-03-23 21:52:41 +04:00
self :: initPaths ();
2012-03-20 00:42:59 +04:00
2012-09-26 15:38:06 +04:00
register_shutdown_function ( array ( 'OC_Log' , 'onShutdown' ));
set_error_handler ( array ( 'OC_Log' , 'onError' ));
set_exception_handler ( array ( 'OC_Log' , 'onException' ));
2012-09-12 23:30:04 +04:00
2012-09-01 22:51:48 +04:00
// set debug mode if an xdebug session is active
2012-09-04 16:34:09 +04:00
if ( ! defined ( 'DEBUG' ) || ! DEBUG ) {
if ( isset ( $_COOKIE [ 'XDEBUG_SESSION' ])) {
2012-09-05 14:22:38 +04:00
define ( 'DEBUG' , true );
2012-09-01 22:51:48 +04:00
}
}
2012-03-20 00:42:59 +04:00
// register the stream wrappers
2012-09-04 16:34:09 +04:00
require_once 'streamwrappers.php' ;
2012-03-20 00:42:59 +04:00
stream_wrapper_register ( " fakedir " , " OC_FakeDirStream " );
stream_wrapper_register ( 'static' , 'OC_StaticStreamWrapper' );
stream_wrapper_register ( 'close' , 'OC_CloseStreamWrapper' );
self :: checkInstalled ();
self :: checkSSL ();
2012-03-31 01:31:05 +04:00
self :: initSession ();
2012-08-11 19:07:35 +04:00
self :: initTemplateEngine ();
2012-03-31 01:33:36 +04:00
self :: checkUpgrade ();
2011-09-18 22:57:05 +04:00
$errors = OC_Util :: checkServer ();
if ( count ( $errors ) > 0 ) {
OC_Template :: printGuestPage ( '' , 'error' , array ( 'errors' => $errors ));
exit ;
}
2011-08-07 01:19:00 +04:00
2011-09-18 22:57:05 +04:00
// User and Groups
2012-09-04 16:34:09 +04:00
if ( ! OC_Config :: getValue ( " installed " , false )) {
2011-09-18 22:57:05 +04:00
$_SESSION [ 'user_id' ] = '' ;
}
2012-03-01 21:44:26 +04:00
2012-07-19 18:31:55 +04:00
OC_User :: useBackend ( new OC_User_Database ());
2012-04-13 03:58:53 +04:00
OC_Group :: useBackend ( new OC_Group_Database ());
2011-07-31 02:23:06 +04:00
2012-10-08 15:35:59 +04:00
if ( isset ( $_SERVER [ 'PHP_AUTH_USER' ]) && isset ( $_SESSION [ 'user_id' ]) && $_SERVER [ 'PHP_AUTH_USER' ] != $_SESSION [ 'user_id' ]) {
OC_User :: logout ();
}
2011-10-18 23:19:13 +04:00
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS ;
2012-03-30 16:39:07 +04:00
global $RUNTIME_APPTYPES ;
2012-09-04 16:34:09 +04:00
if ( ! $RUNTIME_NOAPPS ) {
if ( $RUNTIME_APPTYPES ) {
2012-03-30 16:39:07 +04:00
OC_App :: loadApps ( $RUNTIME_APPTYPES );
} else {
OC_App :: loadApps ();
}
2011-10-18 23:19:13 +04:00
}
2012-06-06 19:29:57 +04:00
2012-09-01 04:48:54 +04:00
//setup extra user backends
OC_User :: setupBackends ();
2012-08-29 01:07:09 +04:00
// register cache cleanup jobs
2012-08-29 00:39:05 +04:00
OC_BackgroundJob_RegularTask :: register ( 'OC_Cache_FileGlobal' , 'gc' );
2012-08-29 01:07:09 +04:00
OC_Hook :: connect ( 'OC_User' , 'post_login' , 'OC_Cache_File' , 'loginListener' );
2012-08-29 00:39:05 +04:00
2012-04-04 02:31:34 +04:00
// Check for blacklisted files
2012-09-05 14:22:38 +04:00
OC_Hook :: connect ( 'OC_Filesystem' , 'write' , 'OC_Filesystem' , 'isBlacklisted' );
2012-08-11 19:04:04 +04:00
OC_Hook :: connect ( 'OC_Filesystem' , 'rename' , 'OC_Filesystem' , 'isBlacklisted' );
2011-10-18 23:19:13 +04:00
2012-02-28 14:16:19 +04:00
//make sure temporary files are cleaned up
register_shutdown_function ( array ( 'OC_Helper' , 'cleanTmp' ));
2012-06-05 19:45:09 +04:00
2012-04-26 23:56:29 +04:00
//parse the given parameters
2012-06-09 00:30:02 +04:00
self :: $REQUESTEDAPP = ( isset ( $_GET [ 'app' ]) && trim ( $_GET [ 'app' ]) != '' && ! is_null ( $_GET [ 'app' ]) ? str_replace ( array ( '\0' , '/' , '\\' , '..' ), '' , strip_tags ( $_GET [ 'app' ])) : OC_Config :: getValue ( 'defaultapp' , 'files' ));
2012-09-04 16:34:09 +04:00
if ( substr_count ( self :: $REQUESTEDAPP , '?' ) != 0 ) {
2012-04-28 00:22:03 +04:00
$app = substr ( self :: $REQUESTEDAPP , 0 , strpos ( self :: $REQUESTEDAPP , '?' ));
2012-08-06 23:45:02 +04:00
$param = substr ( $_GET [ 'app' ], strpos ( $_GET [ 'app' ], '?' ) + 1 );
2012-04-28 00:22:03 +04:00
parse_str ( $param , $get );
$_GET = array_merge ( $_GET , $get );
self :: $REQUESTEDAPP = $app ;
$_GET [ 'app' ] = $app ;
}
2012-04-26 19:55:00 +04:00
self :: $REQUESTEDFILE = ( isset ( $_GET [ 'getfile' ]) ? $_GET [ 'getfile' ] : null );
2012-09-04 16:34:09 +04:00
if ( substr_count ( self :: $REQUESTEDFILE , '?' ) != 0 ) {
2012-04-23 19:09:28 +04:00
$file = substr ( self :: $REQUESTEDFILE , 0 , strpos ( self :: $REQUESTEDFILE , '?' ));
$param = substr ( self :: $REQUESTEDFILE , strpos ( self :: $REQUESTEDFILE , '?' ) + 1 );
2012-04-23 22:11:21 +04:00
parse_str ( $param , $get );
$_GET = array_merge ( $_GET , $get );
2012-04-23 19:09:28 +04:00
self :: $REQUESTEDFILE = $file ;
$_GET [ 'getfile' ] = $file ;
2012-04-20 00:25:21 +04:00
}
2012-09-04 16:34:09 +04:00
if ( ! is_null ( self :: $REQUESTEDFILE )) {
2012-06-02 02:05:20 +04:00
$subdir = OC_App :: getAppPath ( OC :: $REQUESTEDAPP ) . '/' . self :: $REQUESTEDFILE ;
$parent = OC_App :: getAppPath ( OC :: $REQUESTEDAPP );
2012-09-04 16:34:09 +04:00
if ( ! OC_Helper :: issubdirectory ( $subdir , $parent )) {
2012-04-26 19:55:00 +04:00
self :: $REQUESTEDFILE = null ;
2012-04-26 20:08:49 +04:00
header ( 'HTTP/1.0 404 Not Found' );
2012-04-26 19:55:00 +04:00
exit ;
}
}
2011-09-18 22:57:05 +04:00
}
2012-08-08 23:08:20 +04:00
/**
2012-08-10 14:17:13 +04:00
* @ brief Handle the request
2012-08-08 23:08:20 +04:00
*/
public static function handleRequest () {
2012-08-11 19:07:35 +04:00
if ( ! OC_Config :: getValue ( 'installed' , false )) {
// Check for autosetup:
$autosetup_file = OC :: $SERVERROOT . " /config/autoconfig.php " ;
2012-09-04 16:34:09 +04:00
if ( file_exists ( $autosetup_file )) {
OC_Log :: write ( 'core' , 'Autoconfig file found, setting up owncloud...' , OC_Log :: INFO );
include $autosetup_file ;
2012-08-11 19:07:35 +04:00
$_POST [ 'install' ] = 'true' ;
$_POST = array_merge ( $_POST , $AUTOCONFIG );
unlink ( $autosetup_file );
}
OC_Util :: addScript ( 'setup' );
2012-09-04 16:34:09 +04:00
require_once 'setup.php' ;
2012-08-11 19:07:35 +04:00
exit ();
}
2012-08-08 23:08:20 +04:00
// Handle WebDAV
2012-09-04 16:34:09 +04:00
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'PROPFIND' ) {
2012-08-08 23:08:20 +04:00
header ( 'location: ' . OC_Helper :: linkToRemote ( 'webdav' ));
2012-08-10 14:17:13 +04:00
return ;
2012-08-08 23:08:20 +04:00
}
2012-08-11 03:00:26 +04:00
try {
OC :: getRouter () -> match ( OC_Request :: getPathInfo ());
return ;
} catch ( Symfony\Component\Routing\Exception\ResourceNotFoundException $e ) {
//header('HTTP/1.0 404 Not Found');
} catch ( Symfony\Component\Routing\Exception\MethodNotAllowedException $e ) {
OC_Response :: setStatus ( 405 );
return ;
}
2012-08-12 18:16:22 +04:00
$app = OC :: $REQUESTEDAPP ;
$file = OC :: $REQUESTEDFILE ;
$param = array ( 'app' => $app , 'file' => $file );
2012-08-10 14:17:13 +04:00
// Handle app css files
2012-09-07 17:42:37 +04:00
if ( substr ( $file , - 3 ) == 'css' ) {
2012-08-12 18:16:22 +04:00
self :: loadCSSFile ( $param );
2012-08-10 14:17:13 +04:00
return ;
2012-08-08 23:08:20 +04:00
}
// Someone is logged in :
if ( OC_User :: isLoggedIn ()) {
OC_App :: loadApps ();
2012-09-01 04:48:54 +04:00
OC_User :: setupBackends ();
2012-08-08 23:08:20 +04:00
if ( isset ( $_GET [ " logout " ]) and ( $_GET [ " logout " ])) {
2012-09-04 20:07:38 +04:00
OC_Preferences :: deleteKey ( OC_User :: getUser (), 'login_token' , $_COOKIE [ 'oc_token' ]);
2012-08-08 23:08:20 +04:00
OC_User :: logout ();
header ( " Location: " . OC :: $WEBROOT . '/' );
} else {
2012-08-10 14:27:37 +04:00
if ( is_null ( $file )) {
2012-08-12 18:16:22 +04:00
$param [ 'file' ] = 'index.php' ;
2012-08-10 14:27:37 +04:00
}
2012-08-12 18:16:22 +04:00
$file_ext = substr ( $param [ 'file' ], - 3 );
2012-08-10 14:27:37 +04:00
if ( $file_ext != 'php'
2012-10-27 19:45:09 +04:00
|| ! self :: loadAppScriptFile ( $param ))
{
2012-08-10 14:27:37 +04:00
header ( 'HTTP/1.0 404 Not Found' );
2012-08-08 23:08:20 +04:00
}
}
2012-08-10 14:17:13 +04:00
return ;
2012-08-08 23:08:20 +04:00
}
2012-08-10 14:17:13 +04:00
// Not handled and not logged in
self :: handleLogin ();
2012-08-08 23:08:20 +04:00
}
2012-08-12 18:16:22 +04:00
public static function loadAppScriptFile ( $param ) {
2012-08-12 18:52:36 +04:00
OC_App :: loadApps ();
2012-08-12 18:16:22 +04:00
$app = $param [ 'app' ];
$file = $param [ 'file' ];
2012-08-10 02:58:13 +04:00
$app_path = OC_App :: getAppPath ( $app );
2012-08-10 14:27:37 +04:00
$file = $app_path . '/' . $file ;
unset ( $app , $app_path );
if ( file_exists ( $file )) {
2012-09-04 16:34:09 +04:00
require_once $file ;
2012-08-10 14:27:37 +04:00
return true ;
2012-08-10 02:58:13 +04:00
}
2012-08-10 14:27:37 +04:00
return false ;
2012-08-10 02:58:13 +04:00
}
2012-08-12 18:16:22 +04:00
public static function loadCSSFile ( $param ) {
$app = $param [ 'app' ];
$file = $param [ 'file' ];
2012-08-10 02:58:57 +04:00
$app_path = OC_App :: getAppPath ( $app );
if ( file_exists ( $app_path . '/' . $file )) {
$app_web_path = OC_App :: getAppWebPath ( $app );
$filepath = $app_web_path . '/' . $file ;
$minimizer = new OC_Minimizer_CSS ();
$info = array ( $app_path , $app_web_path , $file );
$minimizer -> output ( array ( $info ), $filepath );
}
}
2012-08-10 14:17:13 +04:00
protected static function handleLogin () {
2012-09-01 04:48:54 +04:00
OC_App :: loadApps ( array ( 'prelogin' ));
2012-10-12 18:12:43 +04:00
$error = array ();
2012-08-10 14:17:13 +04:00
// remember was checked after last login
if ( OC :: tryRememberLogin ()) {
2012-10-12 18:12:43 +04:00
$error [] = 'invalidcookie' ;
2012-08-10 14:17:13 +04:00
// Someone wants to log in :
} elseif ( OC :: tryFormLogin ()) {
2012-10-12 18:12:43 +04:00
$error [] = 'invalidpassword' ;
2012-08-29 10:38:33 +04:00
2012-08-10 14:17:13 +04:00
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
} elseif ( OC :: tryBasicAuthLogin ()) {
2012-10-12 18:12:43 +04:00
$error [] = 'invalidpassword' ;
2012-08-10 14:17:13 +04:00
}
2012-10-12 18:12:43 +04:00
OC_Util :: displayLoginPage ( array_unique ( $error ));
2012-08-10 14:17:13 +04:00
}
2012-09-04 22:36:26 +04:00
protected static function cleanupLoginTokens ( $user ) {
2012-09-05 19:33:15 +04:00
$cutoff = time () - OC_Config :: getValue ( 'remember_login_cookie_lifetime' , 60 * 60 * 24 * 15 );
2012-10-11 16:11:30 +04:00
$tokens = OC_Preferences :: getKeys ( $user , 'login_token' );
2012-09-04 22:36:26 +04:00
foreach ( $tokens as $token ) {
$time = OC_Preferences :: getValue ( $user , 'login_token' , $token );
if ( $time < $cutoff ) {
OC_Preferences :: deleteKey ( $user , 'login_token' , $token );
}
2012-08-10 14:17:13 +04:00
}
}
protected static function tryRememberLogin () {
2012-08-09 00:42:45 +04:00
if ( ! isset ( $_COOKIE [ " oc_remember_login " ])
2012-09-04 16:34:09 +04:00
|| ! isset ( $_COOKIE [ " oc_token " ])
|| ! isset ( $_COOKIE [ " oc_username " ])
|| ! $_COOKIE [ " oc_remember_login " ])
{
2012-08-09 00:42:45 +04:00
return false ;
}
OC_App :: loadApps ( array ( 'authentication' ));
if ( defined ( " DEBUG " ) && DEBUG ) {
2012-09-04 16:34:09 +04:00
OC_Log :: write ( 'core' , 'Trying to login from cookie' , OC_Log :: DEBUG );
2012-08-09 00:42:45 +04:00
}
// confirm credentials in cookie
2012-09-04 20:07:38 +04:00
if ( isset ( $_COOKIE [ 'oc_token' ]) && OC_User :: userExists ( $_COOKIE [ 'oc_username' ])) {
2012-10-11 13:38:42 +04:00
// delete outdated cookies
2012-10-11 14:30:43 +04:00
self :: cleanupLoginTokens ( $_COOKIE [ 'oc_username' ]);
// get stored tokens
2012-09-04 20:07:38 +04:00
$tokens = OC_Preferences :: getKeys ( $_COOKIE [ 'oc_username' ], 'login_token' );
2012-10-11 13:38:42 +04:00
// test cookies token against stored tokens
2012-09-04 20:07:38 +04:00
if ( in_array ( $_COOKIE [ 'oc_token' ], $tokens , true )) {
2012-10-11 13:38:42 +04:00
// replace successfully used token with a new one
2012-10-11 16:11:30 +04:00
OC_Preferences :: deleteKey ( $_COOKIE [ 'oc_username' ], 'login_token' , $_COOKIE [ 'oc_token' ]);
2012-10-15 22:00:33 +04:00
$token = OC_Util :: generate_random_bytes ( 32 );
2012-10-11 16:11:30 +04:00
OC_Preferences :: setValue ( $_COOKIE [ 'oc_username' ], 'login_token' , $token , time ());
OC_User :: setMagicInCookie ( $_COOKIE [ 'oc_username' ], $token );
2012-10-11 13:38:42 +04:00
// login
2012-09-04 20:07:38 +04:00
OC_User :: setUserId ( $_COOKIE [ 'oc_username' ]);
OC_Util :: redirectToDefaultPage ();
// doesn't return
}
2012-10-11 13:54:40 +04:00
// if you reach this point you have changed your password
// or you are an attacker
2012-10-11 14:53:34 +04:00
// we can not delete tokens here because users may reach
2012-10-12 13:12:31 +04:00
// this point multiple times after a password change
2012-10-11 16:12:19 +04:00
OC_Log :: write ( 'core' , 'Authentication cookie rejected for user ' . $_COOKIE [ 'oc_username' ], OC_Log :: WARN );
2012-08-09 00:42:45 +04:00
}
2012-09-04 20:07:38 +04:00
OC_User :: unsetMagicInCookie ();
2012-08-09 00:42:45 +04:00
return true ;
}
2012-08-10 14:17:13 +04:00
protected static function tryFormLogin () {
2012-09-29 17:18:38 +04:00
if ( ! isset ( $_POST [ " user " ]) || ! isset ( $_POST [ 'password' ])) {
2012-08-09 00:42:45 +04:00
return false ;
}
2012-09-01 04:48:54 +04:00
2012-08-09 00:42:45 +04:00
OC_App :: loadApps ();
2012-09-07 16:05:51 +04:00
2012-09-01 04:48:54 +04:00
//setup extra user backends
OC_User :: setupBackends ();
2012-09-07 16:05:51 +04:00
2012-08-09 00:42:45 +04:00
if ( OC_User :: login ( $_POST [ " user " ], $_POST [ " password " ])) {
2012-09-04 22:36:26 +04:00
self :: cleanupLoginTokens ( $_POST [ 'user' ]);
2012-09-04 16:34:09 +04:00
if ( ! empty ( $_POST [ " remember_login " ])) {
2012-08-09 00:42:45 +04:00
if ( defined ( " DEBUG " ) && DEBUG ) {
2012-09-04 16:34:09 +04:00
OC_Log :: write ( 'core' , 'Setting remember login to cookie' , OC_Log :: DEBUG );
2012-08-09 00:42:45 +04:00
}
2012-10-15 22:00:33 +04:00
$token = OC_Util :: generate_random_bytes ( 32 );
2012-09-04 20:07:38 +04:00
OC_Preferences :: setValue ( $_POST [ 'user' ], 'login_token' , $token , time ());
2012-08-09 00:42:45 +04:00
OC_User :: setMagicInCookie ( $_POST [ " user " ], $token );
}
else {
OC_User :: unsetMagicInCookie ();
}
2012-09-30 05:47:37 +04:00
header ( 'Location: ' . $_SERVER [ 'REQUEST_URI' ] );
exit ();
2012-08-09 00:42:45 +04:00
}
return true ;
}
2012-08-10 14:17:13 +04:00
protected static function tryBasicAuthLogin () {
2012-08-09 00:42:45 +04:00
if ( ! isset ( $_SERVER [ " PHP_AUTH_USER " ])
2012-09-07 17:22:01 +04:00
|| ! isset ( $_SERVER [ " PHP_AUTH_PW " ])) {
2012-08-29 22:34:44 +04:00
return false ;
2012-08-09 00:42:45 +04:00
}
OC_App :: loadApps ( array ( 'authentication' ));
2012-09-05 14:22:38 +04:00
if ( OC_User :: login ( $_SERVER [ " PHP_AUTH_USER " ], $_SERVER [ " PHP_AUTH_PW " ])) {
2012-08-09 00:42:45 +04:00
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
OC_User :: unsetMagicInCookie ();
$_REQUEST [ 'redirect_url' ] = ( isset ( $_SERVER [ 'REQUEST_URI' ]) ? $_SERVER [ 'REQUEST_URI' ] : '' );
OC_Util :: redirectToDefaultPage ();
}
return true ;
}
2011-03-03 00:18:22 +03:00
}
2010-03-10 15:03:40 +03:00
2011-09-18 22:57:05 +04:00
// define runtime variables - unless this already has been done
2012-09-04 16:34:09 +04:00
if ( ! isset ( $RUNTIME_NOAPPS )) {
2011-09-18 22:57:05 +04:00
$RUNTIME_NOAPPS = false ;
2011-07-29 23:03:53 +04:00
}
2011-10-20 01:38:35 +04:00
if ( ! function_exists ( 'get_temp_dir' )) {
function get_temp_dir () {
if ( $temp = ini_get ( 'upload_tmp_dir' ) ) return $temp ;
if ( $temp = getenv ( 'TMP' ) ) return $temp ;
if ( $temp = getenv ( 'TEMP' ) ) return $temp ;
if ( $temp = getenv ( 'TMPDIR' ) ) return $temp ;
2012-09-04 16:34:09 +04:00
$temp = tempnam ( __FILE__ , '' );
2011-10-20 01:38:35 +04:00
if ( file_exists ( $temp )) {
unlink ( $temp );
return dirname ( $temp );
}
2011-11-22 04:48:08 +04:00
if ( $temp = sys_get_temp_dir ()) return $temp ;
2012-06-06 19:29:57 +04:00
2011-10-20 01:38:35 +04:00
return null ;
}
2011-07-29 23:03:53 +04:00
}
2011-11-13 19:16:21 +04:00
OC :: init ();